1. Field of the Invention
This invention relates generally to a device and related systems and methods for anonymously storing and accessing data utilizing biometrics.
2. Description of Related Art
Identity management systems typically serve two fundamental purposes, authentication and authorization. Authentication refers to the process used to verify a person's identity. In other words, verifying that a person is who they claim to be. Authorization, on the other hand, refers to the process of establishing access privileges granted to the authenticated individual. Authentication and authorization form the cornerstones of traditional identity management.
In data intensive industries, such as banking, the association of data to an authenticated individual is of enormous importance. Consider, for example, an individual who desires to deposit a paycheck using an automated teller machine (ATM). In this situation, it is critical to the bank and the individual that the deposit be properly routed to the account associated with the individual. The banking industry presently utilizes a two-factor authentication system to verify the identity of the individual making the deposit. More specifically, in order to be properly authenticated, the individual must present an ATM card and a personalized secret code.
Having confidently verified the individual, the financial institution and the individual are reassured that funds are transferred to the correct account belonging to the authenticated individual. In addition to authentication, however, the financial institution must verify that the individual is authorized to conduct a transaction. More specifically, although the individual is verified to be the person he or she claims to be, the institution must make sure that the specific transaction to be conducted is allowed. For example, the individual would have to be authorized to make a withdrawal from an account. As another example, the bank may place a predetermined cap on withdrawals, such that the individual is not authorized to make a withdrawal from the account greater than the cap.
Authentication and authorization play a pivotal role in everyday life. From conducting financial transactions to logging into a computer network, authentication and authorization play a dual and intertwined role central to identity management in data intensive industries. There are, however, inherent problems with the systems currently used to implement authentication and authorization.
Classic database models used for authentication and authorization utilize a spoke and hub data arrangement, in which the individual identity rests at the center with associated ancillary data linked to that individual identity. Consequently, the relationships among ancillary or spoke-level data are managed via the central or hub-level individual identity. While occasional relationships among ancillary or spoke level data may exist or be created, these relationships remain localized. Therefore, in order to make the data stored at the ancillary or spoke level useful, it must be combined with data via the central or hub-level database. More particularly, the central or hub-level database contains information identifying individuals used to enable combination of data from multiple localized databases. Thus, successfully combining ancillary data depends on the ability to uniquely identify the individual at the center of the hub.
The requirement of combining data from multiple ancillary data sources is illustrated in the retrieval of credit scores. While an individual bank may be able to associate various accounts held by a client at its own institution, the bank typically has no way to associate the accounts with the client's accounts at other institutions. Credit reporting agencies, on the other hand, utilize individual identity fields, such as a social security number, to connect account histories and behavior from multiple financial institutions into a single hub and spoke data model. Again, the efficacy of this service relies on the credit reporting agency's ability to uniquely identify the individual account holder.
In present systems, unfortunately, the need to identify the individual raises a number of privacy concerns. In many of these systems, the information used to uniquely identity the individual, such as social security numbers, addresses, and phone numbers, can be tied back to an individual with confidence. Thus, given the potential, if not certainty, of security failure in any Internet connected system, the individual's identity and important private data, such as financial and medical records, are at risk.
Accordingly, there is a need for a new model of authentication and authorization that allows for authentication of an individual with a high degree of certainty, while eliminating the possibility of discovering the individual's true identity from the central hub. More particularly, there is a need for a device that aggregates and associates private data from multiple databases, while authenticating each individual using data that, if intercepted or discovered, would fail to reveal the identity of the individual.
The foregoing objects and advantages of the invention are illustrative of those that can be achieved by the various exemplary embodiments and are not intended to be exhaustive or limiting of the possible advantages which can be realized. Thus, these and other objects and advantages of the various exemplary embodiments will be apparent from the description herein or can be learned from practicing the various exemplary embodiments, both as embodied herein or as modified in view of any variation that may be apparent to those skilled in the art. Accordingly, the present invention resides in the novel methods, arrangements, combinations, and improvements herein shown and described in various exemplary embodiments.